Unlock the Editor’s Digest for free
Roula Khalaf, Editor of the FT, selects her favourite stories in this weekly newsletter.
The warp-speed digitalisation of our economies and societies has brought immense benefits. But it has also created huge vulnerabilities as today’s global outage demonstrated. For too long, governments and companies have acted on the assumption that cyber resilience is important but not urgent. The scale of this most recent digital failure — “the largest IT outage in history”, according to one security analyst — may help shift those considerations into the urgent bucket.
Rather than anything more sinister, the trigger for the cyber failure has been blamed on the most prosaic of reasons: a flawed software update. This came from the cyber security specialists CrowdStrike, causing so-called Blue Screens of Death initially to appear on computers in Australia running Microsoft’s Windows operating system. The digital paralysis rapidly spread around the world causing massive disruption at banks, airports, hospitals, television stations and many other organisations. Groups as varied as South Korean gamers, US airline operators, British doctors and French Olympic Games organisers were among those affected.
CrowdStrike, which has 29,000 global customers, said it was actively working to solve the problem. But it ruled out any malicious intent from any outside party, which some affected customers had initially feared. “This is not a security incident or cyber attack. The issue has been identified, isolated and a fix has been deployed,” George Kurtz, CrowdStrike’s chief executive, posted on X, without a hint of contrition for the chaos caused.
Opportunistic, rival cyber security companies were quick to declare that disrupted parties would need to spend even more on their services to prevent such incidents from reoccurring. But given that it was one of their highest-profile, industry-leading peers that caused the problem, customers might be rightly suspicious of their blandishments. Companies that have seen their metaphorical warehouses burn down rarely want to re-employ the arsonist.
The more practical response should be to ensure companies build redundancy and resilience into their own internal processes and systems. Every company needs to revisit their own disaster recovery plans and ensure they can return to business as usual as quickly as possible by whatever means. That often means depending on dedicated and creative staff, who can hand write airline boarding passes or rapidly switch to unaffected network services, for example.
Governments may be relieved that no malicious party appears to have been was involved and this seems to have been an operational screw-up rather than a cyber attack. But relief should not be an excuse for inaction. Yesterday’s digital meltdown only further highlights the worrying dependence of so many organisations on our global digital infrastructure and the fragility of modern economies. The public and private sector need to collaborate far more intensively, and pre-emptively, to ensure this infrastructure is as robust as possible.
This week, the new Labour government in the UK announced plans to upgrade the country’s cyber-defences to stymie hackers seeking to damage critical national infrastructure. But previous British governments also promised to update the 2018 Network and Information System Regulations, following extensive consultations, but never found sufficient parliamentary time to do so.
Much has been made of the supposed deglobalisation of the world economy as physical supply chains have been unwound and reshoring of manufacturing has become fashionable. But in the digital realm the opposite is true: the global economy has become ever more interconnected. Mainly US and Chinese software and digital services have been embedded in the operations of millions of organisations and the daily lives of billions of individuals. Globalisation may be slowing down, but e-globalisation is still accelerating. It is essential that, as far as possible, its dangers are minimised.
Read the full article here